Pivotal Cloud Foundry 2.5, Now GA, Harnesses the Power of Istio and Envoy to Make Your Developers More Productive

It’s time for a status check. How are you feeling about your company’s efforts to get better at software? If you’re having success, it’s probably obvious. You’re releasing code at least weekly. You’re seeing better business outcomes. And your customer satisfaction numbers are trending up and to the right.

Or perhaps this doesn’t yet describe your business. Maybe you've worked at this digital transformation thing for a while, and are stuck in neutral. If this sounds like you, it’s time for some inspiration. And that comes from two companies worth emulating, DICK’S Sporting Goods and Shields Health Care.

DICK’S e-commerce sales have increased by 17% in their most recent quarter. Meanwhile, Shields Health Care helps hospitals achieve remarkable medication adherence rates for patients. Both of these success stories offer a reason for hope and optimism. Yes, digital transformation is hard. But it can be done. If you’re looking to reboot your innovation strategy, the success stories of these companies offer three lessons:

To capitalize on open-source innovation, let the tech mature before trusting it in production.

Run as many apps as possible on an automated platform.

Keep your chosen platform in a healthy state.

Advance your innovation strategy with PCF 2.5

These lessons just so happen to map nicely to the key themes in Pivotal Cloud Foundry (PCF) 2.5, now GA:

Now you can bring even more apps to the platform, thanks to support for multiple custom ports per Pivotal Application Service (PAS) container, and PAS Windows support for Windows Server 2019 (coming soon).

It’s easier for you to keep your platform updated with Platform Automation for PCF (beta).

Here’s a look at some existing and future capabilities in Pivotal Cloud Foundry 2.5. If you’re looking to refresh your strategy, peruse these highlights. You never know when inspiration will strike!

Istio and Envoy are two of the most exciting open source projects these days. Pivotal has worked in these communities for some time, and this tech is already used throughout the platform. (To read more, check out this post from July.)

Our efforts here have reached a new milestone in PCF 2.5: the platform now includes a new routing tier powered by Istio and Envoy. This new capability opens up lots of new opportunities to improve developer productivity and security, among other things.

The first use case where this routing tier shines is weighted routing. As the name suggests, weighted routing gives developers more control of how to split traffic when rolling out new versions of an app. When pushing a v2 of your code, it’s not a good idea to give that instance 100% of your traffic right away. It’s a lot more responsible to keep a majority of your traffic on v1 until you know v2 is up to the task.

With weighted routing, you can easily assign “weights” of traffic to each version. Give v2 10% of traffic to start, and keep 90% of traffic on v1. You can then use the Cloud Controller API to instantly tilt these weights toward v2 as it proves capable.

This type of deployment has always been possible in PAS. But it’s never been this easy to do! To learn more about this scenario, check out this deep-dive post from my colleague Brian McClain. You can also try out this demo script on your PAS 2.5 foundation.

One last note: the new routing tier will coexist alongside the familiar Gorouter, as shown below. Over time, the new tier will become the de facto option in Cloud Foundry.

These teams are laser-focused on keeping Pivotal Cloud Foundry in a healthy, vibrant state. They aim to regularly apply patches and to swiftly upgrade to new versions of PCF. Now these teams have another solution to help in this effort: Platform Automation for PCF.

Platform Automation for PCF (beta) is a collection of building blocks that help you create and manage a repeatable, reusable automated pipeline for platform upgrades. When you use this toolkit, installing and updating PCF foundations becomes dramatically easier.

Platform Automation for PCF includes these building blocks to speed platform updates.

Think of Platform Automation for PCF as a simple way for your engineers to script and automate Operations Manager actions. Why do we say “simple?” Well, these actions are:

Legible. The commands issued to Operations Manager use human-readable YAML files which can be edited and managed.

Modular. Each command has defined inputs and outputs that perform granular actions.

Are you using Concourse? If so, Platform Automation for PCF will feel familiar to you. The module uses Concourse tasks extensively.

The best way to get started with Platform Automation for PCF is to check out the documentation, review the reference pipeline, and learn how to string together tasks. And we’ve got more good news: Platform Automation for PCF works with PCF 2.1 and above.

It’s OK to admit it—you love getting to use a new OS without any of the upgrade gruntwork. We’ve done this for you recently on the Linux (Ubuntu) and Windows front. Now we’ve done it again in PAS for Windows 2.5 (coming soon): this version will ship with Windows Server 2019.

When you use PAS for Windows, you also deliver rapid, uncomplicated upgrades of Windows Server for your organization. But there’s more to the story here—this OS is packed with new features. In fact, it’s Microsoft’s strongest embrace of containers to date.

More specifically, Windows Server 2019 stabilizes and enhances a number of container APIs that Pivotal uses deep in the guts of the platform. That means Windows containers are that much faster, more stable, and more secure. That’s a good thing. Even better—you didn’t have to do any work to realize these benefits.

Never patch an OS again—let Pivotal do it for you!

One other Windows-y update to include: PAS for Windows 2.5 will support custom trusted CA certs. Windows containers will load the trusted-CA certs provided by operators in Ops Manager. There’s a good chance this feature will now make some of your .NET apps a good fit for PAS for Windows. Now apps that depend on a custom cert can benefit from the platform! What’s more, this feature has been backported to work with PAS for Windows 2.2 and up.

Here’s one ICYMI: Pivotal and VMware have teamed up to offer you more ways to deploy Kubernetes the way you want. This all started over a year ago, with the idea that Kubernetes and BOSH were made for each other. Pivotal Container Service was born. Since its inception, it has enjoyed massive success with the world’s largest organizations.

Now, this flavor of PKS is going to cover most enterprise scenarios… but not all of them. To this end, Pivotal and VMware recently launched the PKS family. You can now run upstream Kubernetes everywhere with three options. Here’s the breakdown from John Allwright’s blog post:

Enterprise PKS. The original PKS, with a new name to highlight its enterprise grade capabilities as a fully integrated, turnkey offering that runs on-premises or in any cloud.

Essential PKS. The evolution of Heptio’s HKS offering. This is the ideal choice for those that want to build their own custom architecture based on Kubernetes.

Cloud PKS (beta). A SaaS offering that VMware operates for you in the public cloud. With Cloud PKS, you can get started in minutes, and pay only for what you use. Smart clusters automate the selection of resources to constantly optimize usage, provide high availability, and reduce cost.

No matter how you want to consume Kubernetes, the PKS family has you covered!

Every organization has plenty of 12-factor apps authored with Spring Boot. These workloads were literally made to run atop a modern platform like PAS. But what about all the other kinds of apps in your enterprise estate, the ones that aren’t cloud-native? You’ve got thousands of these apps, and they deserve a good home too!

In recent times, Cloud Foundry has expanded its support for these types of workloads. (Check out Debunking Cloud Foundry Myths for a fun recap of this evolution.)

PAS 2.5 adds another type of workload to the mix, with support for multiple custom ports. You’ll appreciate this feature if you have older JEE and J2EE apps, or apps that use the TCP protocol. (The new capability will help you run some apps packaged in docker containers too.)

Now, these apps can enjoy all the built-in capabilities you’ve come to expect from the platform, like:

Elastic container runtime

Attachable backing services

Structured deployment process

Four layers of high availability

Automated scaling

Integrated logging

Platform security and visibility

This feature presents some interesting use cases for your modern apps as well. For example, you can configure Spring Boot Actuator to serve traffic on a separate port from your application traffic. Similarly, an app with a management interface running on a separate port becomes easier to secure and manage.

Side note: the APIs for this feature have been in beta for a while, but now they are GA. That means they won’t change, and you can use the feature in production with confidence.

Metadata helps us make sense of the Internet. Whether it’s hashtags on Twitter, keywords that drive search engine rankings, or a listing of the categories on your favorite blog, little snippets of data help us navigate our digital world.

Now in PCF 2.5, you can use metadata to help you navigate your expanse of apps running on PAS. Add descriptive metadata to these API resources:

Apps

Orgs

Spaces

Builds

Isolation Segments

Stacks

Deployments

Processes

Tasks

What could be in this metadata, you ask? Early adopters of this feature told us they plan to use metadata to:

Really, the choice is up to you—metadata can be anything that adds to the context and overall understanding about an app.

Does the git SHA scenario sound interesting? Check out this blog post: Using Metadata to Label PAS App Resources with a git SHA. Note the script at the bottom of the post. When you run this from your app’s repository, PAS will automatically tag the app, droplet, and package with the commit SHA. Metadata in PCF 2.5 makes your life that much easier! Learn more.

But what about developers? What are we doing to make their multi-foundation life easier? Wonder no more—Apps Manager will help you deploy and observe your apps across foundations.

Check out the screenshot below. Notice the “All Foundations” search drop-down? You will be able to toggle the different foundations you search across. (And you will be able to search across all the expected parameters like org name, space name, service instance name, and app name.)

The new multi-foundation Apps Manager.

Look closely at the picture above, and you’ll see the foundations, santapaula, home, and wildomar. All three host apps, and now you can manage them all from a single location.

This feature is not yet available and will appear in the coming weeks.

If you’re a .NET developer interested in microservices, you have two options: wire up all the microservices scaffolding yourself or use Steeltoe.

Smart developers with important things to do opt for Steeltoe (over 2.6 million Nuget downloads and counting). The toolkit easily handles the trickiest parts of microservices, like service discovery, circuit breakers, and more. Here’s a look at what’s new in Steeltoe 2.2.

A more comprehensive application health profile. In the world of microservices, many factors contribute to the health of your app. Now, Steeltoe aggregates two new factors into the health profile of your code: config server and service discovery client. As my colleague David Dieruf writes: “If your app's connection to one of these services is acting up, then the instance can be recycled and a new connection can be instantiated. As a dev, you don’t need to do anything, it just works.”

An easy way for your .NET services to connect to MongoDB. Your .NET apps need a backing service to do anything interesting. For apps running on Cloud Foundry, you can use Steeltoe Connectors to consume instances of any number of data stores (MySQL, Microsoft SQL Server, PostgreSQL). Now you can add MongoDB to that list.

Expanded service discovery support for more scenarios. .NET developers have come to love Steeltoe for its core service discovery capabilities. Now, we’ve introduced new capabilities to help you get even more from the project. You can now use HashiCorp Consul as a new service discovery option. And you can now configure load balancing across multiple service instances.

Placeholder values and random values in Steeltoe.Extensions. Cloud-native apps that rely on environment variables for configuration need a little resilience. How about using placeholders and random values, to offer up some protection? That’s what Steeltoe.Extensions does via Microsoft’s Configuration extensions.

Learn more about Steeltoe 2.2, including tech tutorials, in this wonderful recap.

Steeltoe 2.2.0 is now GA! Lots of new features around management endpoints, service discovery, configuration, client-side load balancer, connectors, and other improvements. Here is an excellent blog post from @DierufDavid breaking down the newest features: https://t.co/0vu5K1Kv0J

Spring Cloud Data Flow for PCF (coming soon) is a toolkit for building data integration, batch, and real-time data processing pipelines to support IoT and other data-intensive business applications. This new version will bundle the latest open-source bits of Spring Cloud Data Flow 2.0 into one commercially supported package that easily integrates with the rest of Pivotal Cloud Foundry.

What will the new capabilities be from open source SCDF? Our own Sabby Anandan offers up this summary:

The major release is packed with feature-improvements including the flexibility to configure a multi-platform backend to orchestrate streams and tasks from Cloud Foundry to Kubernetes, and vice-versa. To monitor streaming data pipelines, a comprehensive solution with the help of Prometheus, InfluxDB, and Grafana is now available. In terms of security, SCDF and the related components in the architecture default to OAuth2 and OpenID Connect as the standard. Further, SCDF v2.0 builds upon the stable foundations of Spring Boot 2.1.x and Spring Cloud 2.1.x, to bring Java 11 compatibility.

One other quick note: the release will offer up some infrastructure savings, compared to earlier versions. SCDF for PCF 1.4 will need fewer resources to operate, thanks to the removal of a separate metrics collection backing app. Look for the updated tile on Pivotal Network soon!

SSO for PCF (coming soon) is an all-in-one solution for securing access to applications and APIs on PCF. The module packs in loads of awesome features, like native authentication, federated single sign-on, and authorization. In version 1.9, these capabilities are more discoverable for the application developer. The module now sports a revamped application developer dashboard.

The new SSO for PCF interface.

Key information is presented at-a-glance. Instructions are more clear; workflows are simplified. All these enhancements should speed onboarding for new developers. Look for this feature in the coming weeks.

You probably update and change your manifest a fair amount. Don’t you wish there was a clearer way to tell what’s changed? In PCF 2.5, Ops Manager takes a page from the GitHub UI playbook, and shows you a colorful “manifest diff” view of the proposed changes to a given manifest. Check it out:

Operations Manager 2.5 includes lots of other useful new capabilities. Here’s the “best of the rest”:

Native support for Azure AZs for clean installs of PAS 2.5. Ops Manager natively supports Azure AZs. Previously, you had to use availability sets in Azure to achieve a solid stability configuration. The AZ approach is an easier and better choice for clean PAS installs. Learn more.

Better automation when SAML/LDAP are enabled. Operators can now use the full automation capabilities of Ops Manager when SAML/LDAP is enabled. Previously, human intervention was required in this scenario. Learn more.

Cert rotation on BOSH Director VMs. Ops Manager now rotates certificates used on the BOSH Director VM. Many other scenarios in PCF already support this capability; now BOSH Director VMs do too. Learn more.

Apply vm_extensions to the BOSH Director VM. Now you can unlock the native IaaS capabilities for these VMs. Learn more.

Operations Manager API documentation updated. Are you familiar with these? If you care about automation, you should be! Give them a scan to see if you’re automating your workflows as much as you should be.

CLI support for app-to-app network policies. Previously, this feature was only supported in the API. Learn more.

Disable container networking policies entirely. Operators can now disable container networking policies so that all apps can talk to each other on the overlay network. This will be a welcome option for those that just want all apps to be able to talk to all other apps. Learn more.

Finally, here are a few other changes you need to know about in this release.

PAS 2.5 does not ship with cflinuxfs2

As a result, you will need to complete the migration of your buildpack-based apps prior to upgrading to PAS 2.5. We first noted this change in PCF 2.3 back in September. This migration should be straightforward in the vast majority of cases. Continue to work with your account team on this change. We also encourage you to read the public migration documentation.

PASW 2012R2 End of Availability

In line with delivering the best experience for Windows workloads on PCF, the 2012 R2 stack is being retired. Please reach out to your account team to discuss migration and upgrade strategy.

And last but not least:

OpsManager 2.5 comes with a breaking change

If you use pipelines to pull down new versions of Operations Manager, please note the breaking change in file format. The new format (i.e. ops-manager-aws-2.5.1-build.123.pdf) requires some work on your end. For more information on how to work around this breaking change, please see the KB article.

This blog contains statements relating to Pivotal’s expectations, projections, beliefs and prospects which are "forward-looking statements” within the meaning of the federal securities laws and by their nature are uncertain. Words such as "believe," "may," "will," "estimate," "continue," "anticipate," "intend," "expect," "plans," and similar expressions are intended to identify forward-looking statements. Such forward-looking statements are not guarantees of future performance, and you are cautioned not to place undue reliance on these forward-looking statements. Actual results could differ materially from those projected in the forward-looking statements as a result of many factors, including but not limited to: (i) our limited operating history as an independent company, which makes it difficult to evaluate our prospects; (ii) the substantial losses we have incurred and the risks of not being able to generate sufficient revenue to achieve and sustain profitability; (iii) our future success depending in large part on the growth of our target markets; (iv) our future growth depending largely on Pivotal Cloud Foundry and our platform-related services; (v) our subscription revenue growth rate not being indicative of our future performance or ability to grow; (vi) our business and prospects being harmed if our customers do not renew their subscriptions or expand their use of our platform; (vii) any failure by us to compete effectively; (viii) our long and unpredictable sales cycles that vary seasonally and which can cause significant variation in the number and size of transactions that can close in a particular quarter; (ix) our lack of control of and inability to predict the future course of open-source technologies, including those used in Pivotal Cloud Foundry; and (x) any security or privacy breaches. All information set forth in this release is current as of the date of this release. 
These forward-looking statements are based on current expectations and are subject to uncertainties, risks, assumptions, and changes in condition, significance, value and effect as well as other risks disclosed previously and from time to time in documents filed by us with the U.S. Securities and Exchange Commission (SEC), including our prospectus dated April 19, 2018, and filed pursuant to Rule 424(b) under the U.S. Securities Act of 1933, as amended. Additional information will be made available in our quarterly report on Form 10-Q and other future reports that we may file with the SEC, which could cause actual results to vary from expectations. We disclaim any obligation to, and do not currently intend to, update any such forward-looking statements, whether written or oral, that may be made from time to time except as required by law.

This blog also contains statements which are intended to outline the general direction of certain of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding the pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. All software releases are on an if and when available basis and are subject to change. This information is provided without warranty of any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. Any purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this blog remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward-looking information in this blog.